| version 1.188, 2004/05/22 16:01:05 |
version 1.189, 2004/06/13 14:01:42 |
|
|
| supports hostbased or challenge response authentication. |
supports hostbased or challenge response authentication. |
| .Pp |
.Pp |
| Protocol 2 provides additional mechanisms for confidentiality |
Protocol 2 provides additional mechanisms for confidentiality |
| (the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) |
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) |
| and integrity (hmac-md5, hmac-sha1). |
and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). |
| Note that protocol 1 lacks a strong mechanism for ensuring the |
Note that protocol 1 lacks a strong mechanism for ensuring the |
| integrity of the connection. |
integrity of the connection. |
| .Ss Login session and remote execution |
.Ss Login session and remote execution |
|
|
| configuration files; see the |
configuration files; see the |
| .Cm Compression |
.Cm Compression |
| option. |
option. |
| .It Fl c Ar blowfish | 3des | des |
.It Fl c Ar cipher_spec |
| Selects the cipher to use for encrypting the session. |
Selects the cipher specification for encrypting the session. |
| |
.Pp |
| |
Protocol version 1 allows specification of a single cipher. |
| |
The suported values are |
| |
.Dq 3des , |
| |
.Dq blowfish |
| |
and |
| |
.Dq des . |
| .Ar 3des |
.Ar 3des |
| is used by default. |
|
| It is believed to be secure. |
|
| .Ar 3des |
|
| (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
| |
It is believed to be secure. |
| .Ar blowfish |
.Ar blowfish |
| is a fast block cipher; it appears very secure and is much faster than |
is a fast block cipher; it appears very secure and is much faster than |
| .Ar 3des . |
.Ar 3des . |
|
|
| .Ar 3des |
.Ar 3des |
| cipher. |
cipher. |
| Its use is strongly discouraged due to cryptographic weaknesses. |
Its use is strongly discouraged due to cryptographic weaknesses. |
| .It Fl c Ar cipher_spec |
The default is |
| Additionally, for protocol version 2 a comma-separated list of ciphers can |
.Dq 3des . |
| be specified in order of preference. |
.Pp |
| See |
For protocol version 2 |
| .Cm Ciphers |
.Ar cipher_spec |
| for more information. |
is a comma-separated list of ciphers |
| |
listed in order of preference. |
| |
The supported ciphers are |
| |
.Dq 3des-cbc , |
| |
.Dq aes128-cbc , |
| |
.Dq aes192-cbc , |
| |
.Dq aes256-cbc , |
| |
.Dq aes128-ctr , |
| |
.Dq aes192-ctr , |
| |
.Dq aes256-ctr , |
| |
.Dq arcfour , |
| |
.Dq blowfish-cbc , |
| |
and |
| |
.Dq cast128-cbc . |
| |
The default is |
| |
.Bd -literal |
| |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
| |
aes192-cbc,aes256-cbc'' |
| |
.Ed |
| .It Fl D Ar port |
.It Fl D Ar port |
| Specifies a local |
Specifies a local |
| .Dq dynamic |
.Dq dynamic |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh